5 Answers
5

In the case of security, it will only catch a limited number of issues, when the person who broke into your server and replaced or changed some files is rather inexperienced, as any "decent" rootkit will make sure that a tool like debsums "sees" the original files and no "alarm" will ring.

It might be slightly more useful to detect filesystem corruption.

In any case, it certainly does no harm, as long as you are aware of the limitations.
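As an added illustration of the limitation this answer describes (example code, not from the original answer or from the debsums project): the snippet below re-implements the core of what debsums does, namely parsing a dpkg-style `.md5sums` manifest and hashing the installed files, and runs it against a constructed fake root directory. The file path `usr/bin/demo-tool` and the file contents are made up for the demo. Scenario 1 shows that an accidental corruption (a truncated write) is caught; scenario 2 shows that an intruder with root who replaces the binary and also rewrites the manifest, which lives on the same disk, passes the check cleanly. A real rootkit goes further by hooking the kernel so the hashing tool reads the original bytes, but the same-disk manifest is already enough to defeat the check.

```python
"""Minimal re-implementation of a debsums-style check (added example, not debsums itself)."""
import hashlib
import tempfile
from pathlib import Path


def parse_md5sums(text):
    """Parse a dpkg .md5sums manifest ("<md5hex>  <path relative to />") into a dict."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, rel = line.partition("  ")  # dpkg uses two spaces as separator
        entries[rel] = digest.lower()
    return entries


def md5_of_file(path):
    """Stream a file through MD5, the digest the dpkg manifests use."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(root, manifest):
    """Compare each manifest entry to the file under root; return {path: OK|FAILED|MISSING}."""
    results = {}
    for rel, expected in manifest.items():
        p = Path(root) / rel
        if not p.is_file():
            results[rel] = "MISSING"
        elif md5_of_file(p) != expected:
            results[rel] = "FAILED"
        else:
            results[rel] = "OK"
    return results


def demo():
    """Walk one constructed file through three states; return its three verdicts."""
    with tempfile.TemporaryDirectory() as root:
        rel = "usr/bin/demo-tool"            # hypothetical path, constructed for the demo
        target = Path(root) / rel
        target.parent.mkdir(parents=True)

        original = b"#!/bin/sh\necho genuine\n"  # constructed sample content
        target.write_bytes(original)
        manifest = parse_md5sums(f"{hashlib.md5(original).hexdigest()}  {rel}\n")
        clean = verify(root, manifest)[rel]

        # Scenario 1: disk error / power loss truncates the file; the manifest is unchanged.
        target.write_bytes(original[:-1])
        corrupted = verify(root, manifest)[rel]

        # Scenario 2: root-level intruder swaps the binary AND rewrites the on-disk manifest.
        trojan = b"#!/bin/sh\necho trojaned\n"
        target.write_bytes(trojan)
        tampered_manifest = parse_md5sums(f"{hashlib.md5(trojan).hexdigest()}  {rel}\n")
        hidden = verify(root, tampered_manifest)[rel]

        return clean, corrupted, hidden


if __name__ == "__main__":
    print(demo())  # ('OK', 'FAILED', 'OK'): corruption is caught, the tampering is not
```

The takeaway is that the manifest must be trusted for the check to mean anything; comparing against a freshly downloaded, signature-verified package rather than the local `.md5sums` file closes this particular hole, but not the kernel-level one.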

Well, they are just there to make sure that your package (downloaded or copied from somewhere) is not corrupted. After you first download or copy the package, it is helpful in preventing you from installing a broken package.

A broken package may or may not work (poor stability). I don't think we should care about security when the system is not even stable.

After the package has been installed, you often don't need to run the verification again, unless there has been a disk failure or a power outage (or unless you are really paranoid about it). In case of such incidents, the file system can be damaged, leading to broken packages.

First, keep in mind that distributions such as Debian, Ubuntu, etc. use cryptographically signed packages, i.e. starting from a trusted install medium, public-key cryptography assures that the packages from the official repositories are not modified on the way to your computer.

For verifying the checksums of installed packages there are a few use cases:

I think the short answer to "Do these tools enhance the security of a system?" is yes.

Keep in mind this is only an enhancement; there are many aspects of security, and it is a long, hard road to understanding even an overview of security. Such tools can be used to verify the integrity of your operating system, and this is important. Sure, there will be things that can compromise or fool these tools, but imagine if you didn't have them: how would you verify your binaries if you suspected they'd been compromised? Obviously, having corrupted binaries due to impending drive failure is a problem too.

Think of it as increasing the knowledge that a hacker needs to have to be able to hack your system successfully without being detected. In this case, it's trivial, and if someone knew enough to gain access to your systems, then they would be able to detect and subvert RPM checks.

These kinds of system checks also have a deterrent effect that is cumulative. If it's easier to hack another system for the same reward, then some hackers will go elsewhere.